The problem that we are addressing exists in the functioning of the Internet or any communications network. Such networks are inherently vulnerable to at least two types of attacks which disrupt or disable the functioning of network services. The two general types of problems are called flooding attacks and pattern attacks. Flooding attacks typically occur by a ramping up of the volume of traffic on a particular Internet line. The attackers ramp up the volume by creating situations that encourage multiple computers to interact simultaneously to create a giant flood of information directed at a single source. This is a process that often is enabled by using “third party victim” computers so that the computers at legitimate innocent sites are used in a multiplicity to create and generate a high volume of requests to a target site unknown to the victim.
There are other types of volume attacks. Different programs are used to spoof addresses, which means that an attacker creates packets and places messages inside the packets to make it appear as if the packet is coming from a particular address, while, in fact, it is not coming from that address at all. For example, person “A” could mail a letter and put person “B's” return address on the letter. This sounds innocent enough, but when it comes to tracking these volume attacks, it becomes very difficult. Thus, these attacks not only have the ability to ramp up the volume, but they have the ability to hide themselves, giving them endless opportunities to do it again and again.
Another general type of attack is what is called by some a pattern or formatting attack. A formatting attack does not have so much to do with volume, but rather has to do with the quality of the information that is coming over the line. An attacker can format a packet in such a way that it can either 1) confuse the server so that the server does not know what to do to service the request; or 2) it can cause the server to go into loops or expend endless resources trying to service that single request. This can be thought of in terms of receiving a bogus message through the mail where the sender is pretending to be a high government official. The recipient then might be thrown into a turmoil trying to get information together to answer a bogus request when, in fact, the request was not official at all. Malformed packets can cause the same reaction. The recipient is unable to determine the “credibility” of the request, or is unable to validate or recognize a key portion of the packet, thereby creating a “state-of-confusion” loop.